passwordcheck: Add test suite

Also improve one error message.

Reviewed-by: David Steele <david@pgmasters.net>

diff --git a/contrib/passwordcheck/.gitignore b/contrib/passwordcheck/.gitignore
new file mode 100644 (file)
index 0000000..5dcb3ff
--- /dev/null
+++ b/contrib/passwordcheck/.gitignore
@@ -0,0 +1,4 @@
+# Generated subdirectories
+/log/
+/results/
+/tmp_check/

diff --git a/contrib/passwordcheck/Makefile b/contrib/passwordcheck/Makefile
index 4652aeb3d7cbed30c4ff4eb5eeec34735f661230..7edc968b9083d557bcbc1942cb2b27f2d89252e1 100644 (file)
--- a/contrib/passwordcheck/Makefile
+++ b/contrib/passwordcheck/Makefile
@@ -8,6 +8,11 @@ PGFILEDESC = "passwordcheck - strengthen user password checks"
 # PG_CPPFLAGS = -DUSE_CRACKLIB '-DCRACKLIB_DICTPATH="/usr/lib/cracklib_dict"'
 # SHLIB_LINK = -lcrack
 
+REGRESS_OPTS = --temp-config $(srcdir)/passwordcheck.conf
+REGRESS = passwordcheck
+# disabled because these tests require setting shared_preload_libraries
+NO_INSTALLCHECK = 1
+
 ifdef USE_PGXS
 PG_CONFIG = pg_config
 PGXS := $(shell $(PG_CONFIG) --pgxs)

diff --git a/contrib/passwordcheck/expected/passwordcheck.out b/contrib/passwordcheck/expected/passwordcheck.out
new file mode 100644 (file)
index 0000000..b3515df
--- /dev/null
+++ b/contrib/passwordcheck/expected/passwordcheck.out
@@ -0,0 +1,18 @@
+CREATE USER regress_user1;
+-- ok
+ALTER USER regress_user1 PASSWORD 'a_nice_long_password';
+-- error: too short
+ALTER USER regress_user1 PASSWORD 'tooshrt';
+ERROR:  password is too short
+-- error: contains user name
+ALTER USER regress_user1 PASSWORD 'xyzregress_user1';
+ERROR:  password must not contain user name
+-- error: contains only letters
+ALTER USER regress_user1 PASSWORD 'alessnicelongpassword';
+ERROR:  password must contain both letters and nonletters
+-- encrypted ok (password is "secret")
+ALTER USER regress_user1 PASSWORD 'md51a44d829a20a23eac686d9f0d258af13';
+-- error: password is user name
+ALTER USER regress_user1 PASSWORD 'md5e589150ae7d28f93333afae92b36ef48';
+ERROR:  password must not equal user name
+DROP USER regress_user1;

diff --git a/contrib/passwordcheck/passwordcheck.c b/contrib/passwordcheck/passwordcheck.c
index b80fd458ad731f881ee67c1f1ae811208ab1e2c5..64d43462f0663df848afb3412308c4d822e4bf06 100644 (file)
--- a/contrib/passwordcheck/passwordcheck.c
+++ b/contrib/passwordcheck/passwordcheck.c
@@ -70,7 +70,7 @@ check_password(const char *username,
                if (plain_crypt_verify(username, shadow_pass, username, &logdetail) == STATUS_OK)
                        ereport(ERROR,
                                        (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
-                                        errmsg("password must not contain user name")));
+                                        errmsg("password must not equal user name")));
        }
        else
        {

diff --git a/contrib/passwordcheck/passwordcheck.conf b/contrib/passwordcheck/passwordcheck.conf
new file mode 100644 (file)
index 0000000..f6604f3
--- /dev/null
+++ b/contrib/passwordcheck/passwordcheck.conf
@@ -0,0 +1 @@
+shared_preload_libraries = 'passwordcheck'

diff --git a/contrib/passwordcheck/sql/passwordcheck.sql b/contrib/passwordcheck/sql/passwordcheck.sql
new file mode 100644 (file)
index 0000000..59c84f5
--- /dev/null
+++ b/contrib/passwordcheck/sql/passwordcheck.sql
@@ -0,0 +1,21 @@
+CREATE USER regress_user1;
+
+-- ok
+ALTER USER regress_user1 PASSWORD 'a_nice_long_password';
+
+-- error: too short
+ALTER USER regress_user1 PASSWORD 'tooshrt';
+
+-- error: contains user name
+ALTER USER regress_user1 PASSWORD 'xyzregress_user1';
+
+-- error: contains only letters
+ALTER USER regress_user1 PASSWORD 'alessnicelongpassword';
+
+-- encrypted ok (password is "secret")
+ALTER USER regress_user1 PASSWORD 'md51a44d829a20a23eac686d9f0d258af13';
+
+-- error: password is user name
+ALTER USER regress_user1 PASSWORD 'md5e589150ae7d28f93333afae92b36ef48';
+
+DROP USER regress_user1;